Today, the Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the launch of the FAIR Package Manager project, a federated and independent repository of trusted plugins and themes for web hosts, commercial plugin and tool developers in the WordPress ecosystem and end users. The FAIR Package Manager project, through its contributors, creates net new interoperability, making the web publishing ecosystem more innovative and accessible for all.

Vendor-neutral package management for content management systems like WordPress provides critical universal infrastructure that addresses the new realities of content, e-commerce and AI. The FAIR Package Manager project helps make plugins and tools more discoverable and lets developers choose where to source those plugins depending on the needs of their supply chain. By giving commercial plugin developers, hosts, and application developers more options to control the tools they rely on, the FAIR Package Manager project promotes innovation and protects business continuity.

“The FAIR Package Manager project paves the way for the stability and growth of open source content management, giving contributors and businesses additional options governed by a neutral community,” said Jim Zemlin, Executive Director of the Linux Foundation. ”We look forward to the growth in community and contributions this important project attracts.”

Hidden malware strikes WordPress mu-plugins. Our latest findings reveal how to safeguard your site against these threats.

While analyzing threats targeting WordPress frameworks, we found an attack where a single 3rd party JavaScript file was used to inject four separate backdoors into 1,000 compromised websites using cdn.csyndication[.]com/.

Learn about the fake Google reCAPTCHA campaign infecting machines by tricking unsuspecting users into running malicious Powershell commands.

Dive into our investigation of WordPress malware and find out how mu-plugins are used to hide backdoor threats.

Third-party scripts are a key part of the supply chain, giving 3rd party access to sensitive data or allowing malicious actions in the browser of your user. c/side helps you regain control over your website.

Learn about the steps we took to uncover and neutralize a malware infection redirecting WordPress traffic to dangerous URLs.

Third-party scripts are a key part of the supply chain, giving 3rd party access to sensitive data or allowing malicious actions in the browser of your user. c/side helps you regain control over your website.

ClickFix fake browser updates are being distributed by bogus WordPress plugins. Learn about the common indicators of compromise.

Understand the threat of PHP reinfector malware on WordPress sites, compromising plugins like Imagify and using malicious admin users.

WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site.

WordPress plugins are under active attack, a new banking trojan is spreading, and phishing and brute-force attacks continue unabated.

Discover the details of the critical vulnerability CVE-2024-8353 in GiveWP donation plugin for WordPress and the potential impact on your website.

There is a critical vulnerability in the LiteSpeed Cache plugin - Unauth Account Takeover in < 6.5.0.1 affecting 5+ millions of sites.

Learn about the ClearFake Trojan malware distributed via WordPress sites, its tactics, and how to safeguard your online experience.

A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts.
#Admin #Cache #Computer #InfoSec #LiteSpeed #Plugin #Security #Takeover #Website #WordPress

WordPress admins, take heed: A recent development in a malware downloader called "SocGholish" could place your visitors at risk from malware infections!

Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute code remotely.
#Actively #Calendar #Computer #Events #Exploited #File #InfoSec #Modern #Plugin #Security #Upload #Vulnerability #WordPress

We have observed active exploitation attempts targeting three high-severity CVEs: CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000.

Researchers have discovered several vulnerabilities in popular WordPress plugins that allow attackers to create rogue admin accounts.
#attacks #breach #computer #cyber #data #hack #hacker #hacking #how #information #malware #network #news #ransomware #security #software #the #to #today #updates #vulnerability